Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 22 Jun 1996 10:51:11 -0700
From:      Paul Traina <pst@shockwave.com>
To:        Bruce Evans <bde@zeta.org.au>, ache@freebsd.org
Cc:        CVS-committers@freefall.freebsd.org, ache@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-gnu@freefall.freebsd.org
Subject:   Re: cvs commit: src/gnu/usr.bin/man/man Makefile man.c 
Message-ID:  <199606221751.KAA22886@precipice.shockwave.com>
In-Reply-To: Your message of "Sat, 22 Jun 1996 16:29:17 %2B1000." <199606220629.QAA21238@godzilla.zeta.org.au> 

next in thread | previous in thread | raw e-mail | index | archive | help
Andrew asked me to review it, and I started to do so, found security
problems with it and never got back to him in a timely manner.  My fault.

Andrew, please back these changes out, I'm sorry, I'm totally swamped with
the new job, but I will absolutely positively get back to you next week.

Paul


  From: Bruce Evans <bde@zeta.org.au>
  Subject: Re: cvs commit:  src/gnu/usr.bin/man/man Makefile man.c
  >  Modified:    gnu/usr.bin/man/man  Makefile man.c
  >  Log:
  >  Close security holes and restore suid bit
  >  Restore writting cat's functionality
  
  >  Revision  Changes    Path
  >  1.16      +2 -0      src/gnu/usr.bin/man/man/Makefile
  >  1.15      +123 -46   src/gnu/usr.bin/man/man/man.c
  
  This should have been reviewed.  I found a bug easily:
  
  $ man -d ls
  [Nothing interestting]
  $ su
  # mkdir /usr/share/man/cat1	# I don't have cat directories
  # chown man /usr/share/man/cat1
  # exit
  $ man -d ls
  [Nothing interesting]
  $ man ls
  zcat: /usr/share/man/cat1/ls.1.gz: unexpected end of file
  [file is 0 bytes long]
  
  The old version built the cat file normally even in the debugging case.
  
  Bruce



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606221751.KAA22886>